Posted
by
msmash
on Wednesday April 25, 2018 @12:05PM
from the end-of-road dept.

In what is being seen as a major hit against cybercriminals, Europol, an international police operation, has taken down the world's biggest provider of potentially crippling Distributed Denial of Service attacks. From a report: Europol officials have shut down WebStresser, a website where users could register and launch DDoS attacks after paying for a monthly plan, with prices starting as low as $18.25. The website, considered the largest DDoS-for-hire service online, had over 136,000 users at the time it was shut down. Europol said it had been responsible for over 4 million DDoS attacks in recent years. Visitors to the web site will now see a notice stating that the site has been seized in conjunction with "Operation Power Off," which is the name of the multi-country operation that took down the site.

Europol officials have shut down WebStresser, a website where users could register and launch DDoS attacks after paying for a monthly plan, with prices starting as low as $18.25.

So someone who signs up for a service like this really is saying they intend to cause harm. While logistically difficult to prosecute everyone, it would seem logical that every user of this service should find themselves in some legal hot water. I cannot think of a single lawful reason why someone would need to use a service like this. And if there isn't a law against using a service like this there darn well should be. Obviously the providers of this "service" should be put in jail but I would argue the users of the service are really no less culpable.

There are legitimate reason for stress testing. The problem with this company is that they didn't confirm that the addresses tested belonged to their customers. They knew what they were doing and thought they could skirt the law.

Well yes but I think the point is that they shouldn't blindly prosecute the users, for using a service that doesn't check how it is being used first. Just as if you buy alcohol from a store that doesn't check ID. That store should absolutely be in deep crap, but they won't go trying to chase down the customers.
I suppose in the process of investigation, they could say go through the records of where the for hire DDOS's went. Compare that to reported hacking crimes, and where there is overlap, prosecute th

Any legitimate web-stressing service should require that you prove ownership of the domain to be stressed by adding specific markers to root-access resources. Not performing this basic safety check is criminally negligent at best, and a criminal enterprise at worst. And anyone who subscribes to and thus promotes a malicious service like that should be prosecuted. Anything else is just excuses.

Sure they do, but who's to say I'm paying her to do anything more than talk, until I ask how much a handy j costs? And paying a girl to talk to you is perfectly legal, despite other services she may or may not be offering; some call it therapy.

Any legitimate web-stressing service should require that you prove ownership of the domain to be stressed by adding specific markers to root-access resources.

Well, since the site is offline now, we can't very well see for ourselves whether or not they did so. More to the point, that's a weak check anyway since, for many sites, it is trivial to host your domain with the same provider the target site uses and send enough traffic that way to take down not only your own domain, but also any domains hosted on the same server, the same subnet or, if you send enough of the right traffic, the entire provider. The only difference is, then, the target site won't have info

I'm an electrician and computer nerd have been both for 15+ years and have been a computer nerd far longer. I make nowhere hear 6 figures, yet I understand electronics and computers a lot better than most of the users I see on slashdot.

For years, it seemed SPAM email blasting companies were the worst Internet villain imaginable, but then came the for-hire DDOS companies. Eventually they didn't even have to hide on the DarkWeb and appeared on public websites. Now anyone with even the most minor beef can take someone or something offline for a few hours for a few dollars. These things whack indie multiplayer games all the time. It's soo easy to phish someone's IP address and then target them after getting frag'd, tk'd, or blog-flamed.

Congratulations indeed, however is it only about the site or also about the owners and their infrastructure? How about the customers? It should be easy to check if they just tested their own services or were involved in some malicious activity.
One cannot have DDOS without proper infrastructure, either hacked or own, so there are much more details I would be interested to read about this issue.

Like in most of these cases if it goes to court, they'll be offered significantly reduced sentences in exchange for information that exposes others or even their entire infrastructure. And they usually cave in quickly.

What I read on my 'local' tech website (page in Dutch) [tweakers.net] is they arrested several admins in various countries, and a former admin in the Netherlands. Also, it wasn't a Europol lead operation. Law enforcement agencies of eleven nations were involved from Europe, North America and Hong Kong (Asia), 'in corporation with Europol'.

The site is seized by the US DoD. In the coordinated effort the agencies hunted down various admins. The hunt for other personnel and users of the services is ongoing.

which country where they in? Where were their servers? I assume this was illegal in their native country and they should have known better.Of coarse, being a private military contractor isn't illegal, so I'm not sure why this should be. I would think the people who own the site should have known to put it in a country with a small king and include him in on the money.

From the article: "the site's administrators, located in the United Kingdom, Croatia, Canada, and Serbia. (..) server infrastructure located in the Netherlands, the US and Germany".

I would think the people who own the site should have known to put it in a country with a small king and include him in on the money.

I'm from the NL, which is known for hosting things that are frowned upon elsewhere (eg. the NL is a popular choice for hosting porn sites). Why? Because my country has a long tradition of protecting free speech, protecting minorities, embracing diversity among groups of people etc. Besides well-connected internet inf